Texas has become the first state in the nation to require law enforcement to obtain a warrant to read people's email, and privacy advocates are hoping the move will help quicken the passage of a similar proposal in Congress.

Texas Gov. Rick Perry signed the privacy bill last week. The proposal was introduced in the Legislature by 29-year-old Republican Rep. Jonathan Stickland, a conservative with Tea Party backing. Liberals also supported the measure.

While the Lone Star state is the first, it is unlikely to be the last to pass such a law. The California Legislature is considering a bill barring warrantless email surveillance and snooping on messages and profile information stored on social networking sites like Facebook and Twitter.

Privacy advocates are hoping that states passing such laws will pressure Congress to amend the Electronic Communications Privacy Act, which requires a warrant only for unopened email. Opened messages, as well as email left unopened for more than 180 days, do not require federal law enforcement to get a warrant.

"The big impact is a signal to Congress that you can pass this type of law and the world will not fall apart and the sky will not fall," said Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation.

Voters are unlikely to retaliate at the polls if lawmakers pass such legislation, Fakhoury said, and "whether you are local law enforcement or federal law enforcement, you can still stop the bad guys."

The Stored Communications Act, enacted in 1986 as part of the ECPA, gives states the right to pass privacy laws more stringent than federal statutes, according to Fakhoury. "The federal Stored Communications Act is a floor, and the states can enact stronger protections."

However, state laws only apply to local law enforcement and cannot be used to force federal authorities to obtain warrants or to impede their investigations.

State and federal law enforcement often work under differing laws that apply to the same issue, and have learned to deal with the conflicts. "The idea that (the state law) is going to make (investigations) any harder is a cop out," Fakhoury said.

Legal experts consider the 27-year-old ECPA woefully outdated and Congress is working on an update. The ECPA Amendments Act of 2013 would require a warrant for electronic communications stored with a service provider, such as Facebook, Google, Microsoft and Yahoo.

The four Internet companies have said that they require warrants before handing over the contents of customers' electronic communications to government entities. How often the companies win in challenging government entities is not clear.

Nevertheless, state lawmakers are starting to bolster privacy. Maine lawmakers passed last month a bill that would require a warrant for gathering location information from mobile phones. Enactment is pending while the Legislature looks for funding.

However, law enforcement has had success in arguing against such laws. A bill similar to Maine's died in the Montana Legislature in April and was vetoed last year by California Gov. Jerry Brown, who was concerned that it would hamper criminal investigations.

State and federal law enforcement often work under differing laws that apply to the same issue, and have learned to deal with the conflicts. "The idea that (the state law) is going to make (investigations) any harder is a cop out," Fakhoury said.

All of the above laws and bills apply only to criminal cases within the U.S. They have no impact on cases involving national security, such as recent revelations of the National Security Agency's wide-ranging surveillance of electronic communications.

Latest Videos

​Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.​

No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.